Cryptography and Network Security: Principles and Practice, Eighth Edition

Chapter 13: Digital Signatures

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.


Figure 13.1 Simplified Depiction of Essential Elements of Digital Signature Process


Digital Signature Properties

• It must verify the author and the date and time of the signature

• It must authenticate the contents at the time of the signature

• It must be verifiable by third parties to resolve disputes


Attacks

• Key-only attack

– C only knows A’s public key

• Known message attack

– C is given access to a set of messages and their signatures

• Generic chosen message attack

– C chooses a list of messages before attempting to break A’s signature scheme, independent of A’s public key; C then obtains from A valid signatures for the chosen messages

• Directed chosen message attack

– Similar to the generic attack, except that the list of messages to be signed is chosen after C knows A’s public key but before any signatures are seen

• Adaptive chosen message attack

– C may request from A signatures of messages that depend on previously obtained message-signature pairs


Forgeries

• Total break

– C determines A’s private key

• Universal forgery

– C finds an efficient signing algorithm that provides an equivalent way of constructing signatures on arbitrary messages

• Selective forgery

– C forges a signature for a particular message chosen by C

• Existential forgery

– C forges a signature for at least one message; C has no control over the message


Digital Signature Requirements

• The signature must be a bit pattern that depends on the message being signed

• The signature must use some information unique to the sender to prevent both forgery and denial

• It must be relatively easy to produce the digital signature

• It must be relatively easy to recognize and verify the digital signature

• It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message

• It must be practical to retain a copy of the digital signature in storage


Direct Digital Signature

• Refers to a digital signature scheme that involves only the communicating parties

– It is assumed that the destination knows the public key of the source

• Confidentiality can be provided by encrypting the entire message plus signature with a shared secret key

– It is important to perform the signature function first and then an outer confidentiality function

– In case of dispute some third party must view the message and its signature

• The validity of the scheme depends on the security of the sender’s private key

– If a sender later wishes to deny sending a particular message, the sender can claim that the private key was lost or stolen and that someone else forged his or her signature

– One way to thwart or at least weaken this ploy is to require every signed message to include a timestamp and to require prompt reporting of compromised keys to a central authority


ElGamal Digital Signature

• Scheme involves the use of the private key for encryption and the public key for decryption

• Global elements are a prime number q and a, which is a primitive root of q

• Uses private key for encryption (signing)

• Uses public key for decryption (verification)

• Each user generates their key

– Chooses a secret key (number): $1 < x_A < q - 1$

– Computes their public key: $y_A = a^{x_A} \bmod q$

Schnorr Digital Signature

• Scheme is based on discrete logarithms

• Minimizes the message-dependent amount of computation required to generate a signature

– Multiplying a 2n-bit integer with an n-bit integer

• Main work can be done during the idle time of the processor

• Based on using a prime modulus p, with p – 1 having a prime factor q of appropriate size

– Typically p is a 1024-bit number, and q is a 160-bit number

NIST Digital Signature Algorithm

• Published by NIST as Federal Information Processing Standard FIPS 186

• Makes use of the Secure Hash Algorithm (SHA)

• The latest version, FIPS 186-3, also incorporates digital signature algorithms based on RSA and on elliptic curve cryptography

Figure 13.2 Two Approaches to Digital Signatures

Figure 13.3 The Digital Signature Algorithm (DSA)

Figure 13.4 DSA Signing and Verifying
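The ElGamal slide above stops at key generation. The following added example (not part of the slides or of the textbook's code) carries those keys through signing and verification using the standard ElGamal signature equations; the toy parameters q = 19 and a = 10 and the function names keygen, sign and verify are assumptions chosen for readability and give no security.

```python
# Added illustration: toy ElGamal signatures with the slide's symbols.
# q = 19 and a = 10 are constructed teaching values with no security.
import math
import secrets

Q = 19  # prime q (constructed toy value)
A = 10  # primitive root a of q (constructed toy value)


def keygen(x_a=None):
    """Choose 1 < x_A < q-1 and compute y_A = a^x_A mod q."""
    if x_a is None:
        x_a = 2 + secrets.randbelow(Q - 3)  # uniform in 2 .. q-2
    if not 1 < x_a < Q - 1:
        raise ValueError("x_A must satisfy 1 < x_A < q-1")
    return x_a, pow(A, x_a, Q)


def sign(m, x_a, k=None):
    """Sign hash value m (0 <= m <= q-1); returns (S1, S2).

    k is the per-signature secret; it must be coprime to q-1 and never
    reused. Passing k explicitly is only for reproducing a worked example.
    """
    fixed = k is not None
    while True:
        if not fixed:
            k = 1 + secrets.randbelow(Q - 2)  # 1 .. q-2
        if math.gcd(k, Q - 1) == 1:
            s1 = pow(A, k, Q)                                    # S1 = a^k mod q
            s2 = (pow(k, -1, Q - 1) * (m - x_a * s1)) % (Q - 1)  # S2
            if s2 != 0:
                return s1, s2
        if fixed:
            raise ValueError("k unusable: not coprime to q-1, or S2 == 0")


def verify(m, signature, y_a):
    """Accept iff a^m == y_A^S1 * S1^S2 (mod q), after range checks."""
    s1, s2 = signature
    if not (0 < s1 < Q and 0 < s2 < Q - 1):
        return False  # out-of-range values are rejected before any math
    v1 = pow(A, m, Q)
    v2 = (pow(y_a, s1, Q) * pow(s1, s2, Q)) % Q
    return v1 == v2


if __name__ == "__main__":
    x_a, y_a = keygen(16)
    sig = sign(14, x_a, k=5)
    print("y_A =", y_a, "signature =", sig, "valid =", verify(14, sig, y_a))
```

The range check in verify matters as much as the equation: a verifier that skips it accepts values of S1 that no honest signer could have produced.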
Elliptic Curve Digital Signature Algorithm (ECDSA)

• Four elements are involved:

– All those participating in the digital signature scheme use the same global domain parameters, which define an elliptic curve and a point of origin on the curve

– A signer must first generate a public/private key pair

– A hash value is generated for the message to be signed; using the private key, the domain parameters, and the hash value, a signature is generated

– To verify the signature, the verifier uses as input the signer’s public key, the domain parameters, and the integer s; the output is a value v that is compared to r; the signature is verified if v = r

Figure 13.5 ECDSA Signing and Verifying

RSA-PSS

• RSA Probabilistic Signature Scheme

• Included in the 2009 version of FIPS 186

• Latest of the RSA schemes and the one that RSA Laboratories recommends as the most secure of the RSA schemes

• For all schemes developed prior to PSS it has not been possible to develop a mathematical proof that the signature scheme is as secure as the underlying RSA encryption/decryption primitive

• The PSS approach was first proposed by Bellare and Rogaway

• This approach, unlike the other RSA-based schemes, introduces a randomization process that enables the security of the method to be shown to be closely related to the security of the RSA algorithm itself

Mask Generation Function (MGF)

• Typically based on a secure cryptographic hash function such as SHA-1

– Is intended to be a cryptographically secure way of generating a message digest, or hash, of variable length based on an underlying cryptographic hash function that produces a fixed-length output
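How the mask generation function and the random salt fit together in RSA-PSS, as an added example that is not part of the slides: it implements MGF1 and the EMSA-PSS encode and verify steps as specified in RFC 8017, without the RSA operation itself. The function names are my own, and SHA-256 with a 32-byte salt is an assumed default where the slide names SHA-1.

```python
# Added illustration: MGF1 and the EMSA-PSS encode/verify steps (RFC 8017)
# that RSA-PSS applies before and after the RSA operation. No RSA step here.
import hashlib
import hmac
import os


def mgf1(seed: bytes, length: int, hash_fn=hashlib.sha256) -> bytes:
    """Stretch a fixed-length hash into `length` mask bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hash_fn(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pss_encode(msg, em_bits, salt=None, s_len=32, hash_fn=hashlib.sha256):
    """Build EM = maskedDB || H || 0xbc; em_bits is modulus bits minus 1."""
    salt = os.urandom(s_len) if salt is None else salt
    s_len = len(salt)
    h_len = hash_fn().digest_size
    em_len = (em_bits + 7) // 8
    if em_len < h_len + s_len + 2:
        raise ValueError("encoding error: modulus too small")
    h = hash_fn(b"\x00" * 8 + hash_fn(msg).digest() + salt).digest()
    db = b"\x00" * (em_len - s_len - h_len - 2) + b"\x01" + salt
    masked = bytearray(_xor(db, mgf1(h, em_len - h_len - 1, hash_fn)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)  # clear bits above em_bits
    return bytes(masked) + h + b"\xbc"


def pss_verify(msg, em, em_bits, s_len=32, hash_fn=hashlib.sha256) -> bool:
    """Recover the salt from EM and recompute H; any mismatch rejects."""
    h_len = hash_fn().digest_size
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < h_len + s_len + 2 or em[-1] != 0xBC:
        return False
    masked, h = em[: em_len - h_len - 1], em[em_len - h_len - 1 : -1]
    top = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~top & 0xFF:
        return False  # bits above em_bits must already be zero
    db = bytearray(_xor(masked, mgf1(h, len(masked), hash_fn)))
    db[0] &= top
    pad_len = em_len - h_len - s_len - 2
    if any(db[:pad_len]) or db[pad_len] != 0x01:
        return False  # padding PS || 0x01 is malformed
    salt = bytes(db[pad_len + 1 :])
    expected = hash_fn(b"\x00" * 8 + hash_fn(msg).digest() + salt).digest()
    return hmac.compare_digest(h, expected)
```

Because the salt is fresh for every call, encoding the same message twice yields different EM values, which is the randomization the RSA-PSS slide refers to.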
Figure 13.6 RSA-PSS Encoding

Figure 13.7 RSA-PSS EM Verification

Summary

• Present an overview of the digital signature process

• Understand the ElGamal digital signature scheme

• Understand the Schnorr digital signature scheme

• Understand the NIST digital signature scheme

• Compare and contrast the NIST digital signature scheme with the ElGamal and Schnorr digital signature schemes

• Understand the elliptic curve digital signature scheme

• Understand the RSA-PSS digital signature scheme

Copyright

This work is protected by United States copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning. Dissemination or sale of any part of this work (including on the World Wide Web) will destroy the integrity of the work and is not permitted. The work and materials from it should never be made available to students except by instructors using the accompanying text in their classes. All recipients of this work are expected to abide by these restrictions and to honor the intended pedagogical purposes and the needs of other instructors who rely on these materials.
